A group of US lawmakers have introduced a bill which, if passed into law, would ban US law enforcement and intelligence agencies from being able to force tech companies to create backdoors into their encrypted communications.
The bill, which has been titled the Secure Data Act is a bipartisan effort to try and protect US citizen’s online privacy as well as ensure that their data remains secure.
It was presented by U.S. Representatives Zoe Lofgren (D-Calif.) and Thomas Massie (R-Ky.) along with four co-sponsors, Jerrold Nadler (D-N.Y), Ted Poe (R-Texas), Ted Lieu (D-Calif.) and Matt Gaetz (R-Fla.).
The current legal position
Under current legislation, US intelligence agencies and law enforcement are able to request companies and individuals to provide access to encrypted devices and communications systems. They can even request court orders requiring companies to build a backdoor into encrypted communication systems.
The most high profile case of this was back in 2015 when the FBI took legal action against Apple to try and unlock the iPhone of San Bernardino terrorist Syed Rizwan Farook. Apple held their ground over that case and the FBI ended up paying around $1 million to an Israeli company to hack the device.
It was never revealed what, if any, meaningful evidence was found on Farook’s iPhone. However, a recent report from the Department of Justice Office of Inspector General criticized the FBI actions, saying they preferred to try and set a legal precedent than to pursue all possible technical solutions.
As we have reported recently, US Government agencies now claim to have the power to crack iPhone’s internally if they need to.
Backdoors put everyone at risk
But as the representatives behind the Secure Data Bill have explained, this situation puts everyone at risk.
Representative Zoe Lofgren (D-Calif.) explained in a formal press release accompanying the bill that it is not just criminals who become vulnerable when Governments can demand backdoors, but everyone using that device.
She argues that it is the job of Congress to protect US citizens and the products they use from hackers and warrantless surveillance which is what such backdoors would enable.
Representative Thomas Massie (R-Ky.) agreed, saying that encryption backdoors not only make people less safe but also damage the reputation of American goods abroad as well.
The US is not the only government to push for backdoors into encrypted communications. Both the UK and Australian Governments have also pushed for companies to allow them access to encrypted communications despite the huge number of experts who have queued up explain why backdoors are such a bad idea.
The reason a backdoor makes everyone less safe is that it can only work by introducing a vulnerability into a device or its software. As soon as that vulnerability is there, it means hackers can find it too.
They are often far more technically advanced than Government agencies are, and such a vulnerability is likely to be exploited quickly.
Government agencies themselves are also vulnerable to being attacked too, so even if the hacker cannot find the vulnerability directly, they may seek to obtain the data by hacking government systems.
There is a recent example of this when the US National Security Agency lost its hacking tools, which were then believed to have been used to create the devastating WannaCry ransomware which caused chaos around the world last year.
Secure Data Act still has a long way to go
It is therefore quite understandable why companies like Apple have stood up to Governments wanting to access encrypted communications and why we have seen similar stands all over the world. The situation between Telegram and the Russian regime is just the latest in a long line of examples.
So, it is encouraging to see Congressional figures not only understanding this but also introducing legislation to try and protect US citizens. However, despite the bipartisan nature of this bill, it has a long way to go before it makes it onto the statute books and affords US citizens the online protections they need.
For now, a VPN still offers the best way for American’s to keep their data safe. With a VPN everything you do is encrypted and if you use a provider located offshore, such as ExpressVPN or NordVPN, that encryption is out of reach of US law enforcement agencies regardless of how the Secure Data Act progresses.